From nobody Tue Dec 26 22:36:35 2023
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T08l80KzJz54RRy;
	Tue, 26 Dec 2023 22:36:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4T08l76rPgz3dD4;
	Tue, 26 Dec 2023 22:36:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1703630196;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rFf0Gh4yfm0gAFEyrx25CKIwSGXnR05OR44eGRy3ROQ=;
	b=ED2BTFQzGYO8jkMSXeUkQcFz8jcF8JU3jT0ohoaZlObPZLkuaZg69fnrET6cjKb8Plp58s
	NOX6++0CZX6Tq5DAHP9y8Z/JCuaYhcvJA0vWvqmPbeVpDDVJetUtCFfEu+BFgOXUtehAGF
	qRaBOdsz0Z1usjh4YJql/maYWFsOYh3x3RI1YYUqpkuThHrED0ZX50fuGN2cijHVVME9JF
	L1gpVw6aoxM9lcmwd627g0rsZAazmQKaJJOzONyP5HbuLfAwICVfwuxNhRaUWUMbUruvV4
	eq3aBWVYZ1WzuBwlz2+Tnpi8LUbU48osW9e3H9g3t6Lf6x2chb57TH+tIafZZw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1703630196; a=rsa-sha256; cv=none;
	b=Yr3ZS+Z7DzgNnlvCJBO8cPQKIGivZw2fjRtUK8jeAIT07WTfe7zbPH5WTPGyTA3sXNUzo3
	nW0RYpIB510iDbAYo4TDXeosqV2/IymivBrufx+B6vIQ6kv5zSgr4Jcq8G7nGW5vSCkxS7
	VE4rVd2HkfRlao8CMpFXh/eeAcx/gpGqFZoBqY8D16tNrNZVIm/8RgcYN8VIjMdnQMaaSz
	YRy/lseExJEyRPywQEQKkxRezgFLqFptQ6gpefcbsRXL3Ltiqo6m80nMi/gzULa8cTeV02
	MhmHi9ugTXIV/acUL7dFySvlR8piaUTVgBwH4lMhBCbcbTKYtw768t6EPeSL9A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1703630196;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rFf0Gh4yfm0gAFEyrx25CKIwSGXnR05OR44eGRy3ROQ=;
	b=BubsKzPWR7g7uthuk5FtS6CgvGnZNesqOTOvT9GT0jWU18wfDg14gKnnvYRq0Yb85Tr2f/
	WeJqJwIA5TGZz1fOW+awgf7/psuPp5hs1dntG0LpJEj83/k04qBBRx9R331t/9VH1IQrwg
	oBMirDb4cCj0fX8DnPEZMUREoDMqun3NHVt2kUbm6reaBssMTnwB9Z2U9YnEaHJBIrs2WU
	cp60wNDMCm31xryWuS00Zm9tKMsTntsqey+kVRFImhWGwsmGNV4FeOPPVTwb1VFibnsc9t
	Fk1xD2TjgXIAEZLM6sonnbgvojFQCxSlwBh2SODiLUvh2qNphmfVNZpSirD+gw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4T08l75sQ0z1CPs;
	Tue, 26 Dec 2023 22:36:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BQMaZ85067570;
	Tue, 26 Dec 2023 22:36:35 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BQMaZuV067567;
	Tue, 26 Dec 2023 22:36:35 GMT
	(envelope-from git)
Date: Tue, 26 Dec 2023 22:36:35 GMT
Message-Id: <202312262236.3BQMaZuV067567@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: a558130881e9 - main - nfscl: Fix handling of expired
  Kerberos credentials (NFSv4.1/4.2)
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a558130881e9d574dc5f37827fe2284667d5aba8
Auto-Submitted: auto-generated

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=a558130881e9d574dc5f37827fe2284667d5aba8

commit a558130881e9d574dc5f37827fe2284667d5aba8
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-12-26 22:33:39 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-12-26 22:33:39 +0000

    nfscl: Fix handling of expired Kerberos credentials (NFSv4.1/4.2)
    
    If the NFS server detects that the Kerberos credentials provided
    by a NFSv4.1/4.2 mount using sec=krb5[ip] have expired, the NFS
    server replies with a krpc layer error of RPC_AUTHERROR.
    When this happened, the client erroneously left the NFSv4.1/4.2
    session slot busy, so that it could not be used by other RPCs.
    If this happened for all session slots, the mount point would
    hang.
    
    This patch fixes the problem by releasing the session slot
    and resetting its sequence# upon receiving a RPC_AUTHERROR
    reply.
    
    This bug only affects NFSv4.1/4.2 mounts using sec=krb5[ip],
    but has existed since NFSv4.1 client support was added to
    FreeBSD.
    
    So, why has the bug remained undetected for so long?
    I cannot be sure, but I suspect that, often, the client detected
    the Kerberos credential expiration before attempting the RPC.
    For this case, the client would not do the RPC and, as such,
    there would be no busy session slot.  Also, no hang would
    occur until all session slots are busied (64 for a FreeBSD
    client/server), so many cases of the bug probably went undetected?
    Also, use of sec=krb5[ip] mounts are not that common.
    
    PR:     275905
    Tested by:      Lexi <lexi.freebsd@le-fay.org>
    MFC after:      1 week
---
 sys/fs/nfs/nfs_commonkrpc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c
index 7ca150d4f54c..e5c658ce76d2 100644
--- a/sys/fs/nfs/nfs_commonkrpc.c
+++ b/sys/fs/nfs/nfs_commonkrpc.c
@@ -1047,6 +1047,22 @@ tryagain:
 			NFSINCRGLOBAL(nfsstatsv1.rpcinvalid);
 			error = ENXIO;
 		}
+	} else if (stat == RPC_AUTHERROR) {
+		/* Check for a session slot that needs to be free'd. */
+		if ((nd->nd_flag & (ND_NFSV41 | ND_HASSLOTID)) ==
+		    (ND_NFSV41 | ND_HASSLOTID) && nmp != NULL &&
+		    nd->nd_procnum != NFSPROC_NULL) {
+			/*
+			 * This can occur when a Kerberos/RPCSEC_GSS session
+			 * expires, due to TGT expiration.
+			 * Free the slot, resetting the slot's sequence#.
+			 */
+			if (sep == NULL)
+				sep = nfsmnt_mdssession(nmp);
+			nfsv4_freeslot(sep, nd->nd_slotid, true);
+		}
+		NFSINCRGLOBAL(nfsstatsv1.rpcinvalid);
+		error = EACCES;
 	} else {
 		NFSINCRGLOBAL(nfsstatsv1.rpcinvalid);
 		error = EACCES;